CVE-2014-0160
タイトル: CVE-2014-0160
アナウンス: 2014年4月7日
修正されたバージョン: LibreOffice 4.2.3
詳細:
The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, aka the Heartbleed bug.
Users are recommended to upgrade to 4.2.3 to avoid this flaw when using the packages provided from www.libreoffice.org which include a bundled copy of openssl.
LibreOffice 4.1 line uses an older copy of openssl that is not vulnerable.
参考資料:
Follow Us